…on the Twitter account owned by LulzSec that they had turned their attention to the NHS. Curiously enough, they seem to have been restrained and even responsible: while there’s an image out there of a message they claim to have sent to an administrator at an unidentified NHS site, they blacked out the details.

The BBC program Panorama last night investigated claims that the News of the World hired a hacker to break into a subject's PC to steal emails. In fact, it appears that the unnamed hacker installed a Trojan on the victim's PC. Which sounds like a fairly unequivocal breach of the Computer Misuse Act, which outlaws

[Update: the BBC Radio 6 issue is now confirmed by WebSense (apologies for misattributing it earlier!), who have more detail here, and note that areas of the BBC 1Xtra radio station Web site are also affected.] I hear from ESET colleagues in the UK that the BBC's Radio 6 homepage (one of the Beeb's music stations) is

You may have gathered from some of the blogs published here last year that i'm not biggest fan of the BBC's "Click" programme. I regard the Beeb's forays into buying botnets and stolen credit card details and making active use of them as at best naive. I agree that people need to be aware of such issues,

This wouldn’t normally be the place to discuss the ongoing decline of the fortunes of the British Government, but there have been several IT-security-related stories coming out of the Mother of Parliaments worth a closer look. Back on March 10th, The Register reported that MP (Member of Parliament) Alun Michael had reported to the police that he

The BBC published a self-justification of sorts over the Click fiasco on Friday 13th March: when I came upon it the following morning, I posted a comment there, pointing out Mark Perrow had addressed the issues this industry hadn’t complained about, and ignored the issues that we were concerned about. My comment is number 14,

The Tech Herald have brought it to our attention that Comodo, a security company who include an antivirus product in their range, have backed the BBC’s action in buying and exploiting a botnet for the Click programme’s story. This is clearly swimming against the tide – virtually all the mainstream anti-malware companies who’ve commented have

And still the controversy rages: several people have pointed out that it’s unlikely that the PCs in the BBC’s botnet are all in the UK, suggesting that there could be additional legal issues relating to other jurisdictions. The H reiterated the point that Ofcom regulations state that payment shouldn’t be made to "convicted or confessed

[update] Commentary by Larry Seltzer for eWeek: http://www.eweek.com/c/a/Security/The-British-Botnet-Corporation-324874/ I don’t promise that this is my last word on the subject, but, having now seen the full Click programme and the BBC’s response to some of the criticism they’ve received, I found I had a few more things to say on the topic. If you aren’t

Update: several nice, thoughtful blogs on the subject from John Graham at http://john-graham.me.uk/. International law firm Pinsent Mason’s Struan Robertson seems to agree (at least in part) with commentatory in the security industry that the BBC have broken the UK’s Computer Misuse Act. Robertson, focused on the Click program’s unauthorised access to 22,000 bot-compromised PCs in order to